Try Lead2pass Latest Dumps To Pass The Exam Successfully

[Up-to-Dated] New Lead2pass 70-411 Dumps PDF Version Released For Free Downloading (1-20)

admin August 17, 2017
Comments Off on [Up-to-Dated] New Lead2pass 70-411 Dumps PDF Version Released For Free Downloading (1-20)

2017 August Microsoft Official New Released 70-411 Q&As in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

There are many companies that provide 70-411 braindumps but those are not accurate and latest ones. Preparation with Lead2pass 70-411 new questions is a best way to pass this certification exam in easy way.

QUESTION 1Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. All client computers run Windows 8 Enterprise. DC1 contains a Group Policy object (GPO) named GPO1. You need to deploy a VPN connection to all users.What should you configure from Users Configuration in GPO1?

Answer: CExplanation:http://technet.microsoft.com/en-us/library/cc772107.aspxTo create a new Dial-Up Connection preference itemOpen the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.In the console tree under Computer Configuration or User Configuration, expand the Preferences folder, and then expand the Control Panel Settings folder. Right-click the Network Options node, point to New, and select Dial-Up Connection.

QUESTION 2Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2008, Windows Server 2008 R2 Windows Server 2012, and Windows Server 2012 R2.A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.During routine maintenance, you delete a group named Group1.You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion. You want to achieve this goal by using the minimum amount of administrative effort.What should you do first?

A. Perform an authoritative restore of Group1.B. Mount the most recent Active Directory backup.C. Use the Recycle Bin to restore Group1.D. Reactivate the tombstone of Group1.

Answer: AExplanation:The Active Directory Recycle Bin does not have the ability to track simple changes to objects. If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the future.In other words, there is no rollback capacity for changes to object properties, or, in other words, to the values of these properties. There is another approach you should be aware of. Tombstone reanimation (which has nothing to do with zombies) provides the only way to recover deleted objects without taking a DC offline, and it’s the only way to recover a deleted object’s identity information, such as its objectGUID and objectSid attributes. It neatly solves the problem of recreating a deleted user or group and having to fix up all the old access control list (ACL) references, which contain the objectSid of the deleted object.Restores domain controllers to a specific point in time, and marks objects in Active Directory as being authoritative with respect to their replication partners.

QUESTION 3Your network contains an Active Directory domain named adatum.com. You have a standard primary zone named adatum.com. You need to provide a user named User1 the ability to modify records in the zone. Other users must be prevented from modifying records in the zone. What should you do first?

A. Run the Zone Signing Wizard for the zone.B. From the properties of the zone, change the zone type.C. Run the new Delegation Wizard for the zone.D. From the properties of the zone, modify the Start Of Authority (SOA) record.

Answer: BExplanation:The Zone would need to be changed to a AD integrated zone When you use directory-integrated zones, you can use access control list (ACL) editing to secure a dnsZone object container in the directory tree. This feature provides detailed access to either the zone or a specified resource record in the zone. For example, an ACL for a zone resource record can be restricted so that dynamic updates are allowed only for a specified client computer or a secure group, such as a domain administrators group. This security feature is not available with standard primary zonesDNS update security is available only for zones that are integrated into Active Directory. After you integrate a zone, you can use the access control list (ACL) editing features that are available in the DNS snap-in to add or to remove users or groups from the ACL for a specific zone or for a resource record.Standard (not an Active Directory integrated zone) has no Security settings:

You need to firstly change the “Standard Primary Zone” to AD Integrated Zone:

QUESTION 4Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the Network Policy Server role service installed.You need to enable trace logging for Network Policy Server (NPS) on Server1.Which tool should you use?

Answer: DExplanation:You can use log files on servers running Network Policy Server (NPS) and NAP client computers to help troubleshoot NAP problems. Log files can provide the detailed information required for troubleshooting complex problems.You can capture detailed information in log files on servers running NPS by enabling remote access tracing. The Remote Access service does not need to be installed or running to use remote access tracing. When you enable tracing on a server running NPS, several log files are created in %windir%\tracing.The following log files contain helpful information about NAP:IASNAP.LOG: Contains detailed information about NAP processes, NPS authentication, and NPS authorization.IASSAM.LOG: Contains detailed information about user authentication and authorization.Membership in the local Administrators group, or equivalent, is the minimum required to enable tracing. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups(http://go.microsoft.com/fwlink/?LinkId=83477).To create tracing log files on a server running NPSOpen a command line as an administrator.Type netshras set tr * en.Reproduce the scenario that you are troubleshooting.Type netshras set tr * dis.Close the command prompt window.http://technet.microsoft.co47m/en-us/library/dd348461%28v=ws.10%29.aspx

QUESTION 5You have a server named Server1 that has the Web Server (IIS) server role installed. You obtain a Web Server certificate. You need to configure a website on Server1 to use Secure Socket Layer (SSL).To which store should you import the certificate? To answer, select the appropriate store in the answer area.

Answer:

Explanation:The certificate for the Web server must be in the memory own certificates on the local computer to import. The import can be either with the Certificates snap-in or the Internet Information Services (IIS) Manager on the feature page server certificates done.

QUESTION 6Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 is a DNS server for contoso.com.The properties of the contoso.com zone are configured as shown in the exhibit. (Click the Exhibit button.)

The domain contains a server named Server1 that is part of a workgroup named Workgroup. Server1 is configured to use DC1 as a DNS server. You need to ensure that Server1 dynamically registers a host (A) record in the contoso.com zone. What should you configure?

A. The Dynamic updates setting of the contoso.com zoneB. The workgroup name of Server1C. The primary DNS suffix of Server1D. The Security settings of the contoso.com zone

Answer: CExplanation:When any computer or a standalone server is added to a domain as a member, the network identifies that computer with its Fully Qualified Domain Name or FQDN. A Fully Qualified Domain Name consist of a hostname and the DNs suffix separated by a “.” called period. An example for this can be server01.msftdomain.com where “server01 is the hostname of the computer and “msftdomain.com” is the DNS suffix which follows the hostname. A complete FQDN of a client computer or a member server uniquely identifies that computer in the entire domain.Primary DNS suffix must manually be added in Windows 8 computer to change its hostname to Fully Qualified Domain Name so that it becomes eligible to send queries and receive responses from the DNS server. Following are the steps which can be implemented to add primary DNS suffix to a Windows 8 computer hostname:Log on to Windows 8 computer with administrator account.From the options available on the screen click Control Panel.On the opened window click More Settings from the left pane.On the next window click System and Security category and on the appeared window click System. On View basic information about your computer window click Change settings under Computer name, domain, and workgroup settings section.On System Properties box make sure that Computer Name tab is selected and click Change button.On Computer Name/Domain Changes box click More button.On DNS Suffix and NetBIOS Computer Name box type in the DNS domain name as the DNS suffix to the Windows 8 computer under Primary DNS suffix of this computer field. Click Ok button on all the boxes and restart the computer to allow changes to take effect.

For years, Windows DNS has supported dynamic updates, whereas a DNS client host registers and dynamically updates the resource records with a DNS server. If a host’s IP address changes, the resource record (particularly the A record) for the host is automatically updated, while the host utilizes the DHCP server to dynamically update its Pointer (PTR) resource record. Therefore, when a user or service needs to contact a client PC, it can look up the IP address of the host. With larger organizations, this becomes an essential feature, especially for clients that frequently move or change locations and use DHCP to automatically obtain an IP address. For dynamic DNS updates to succeed, the zone must be configured to accept dynamic updates:

QUESTION 7Your network contains an Active Directory domain named contoso.com. The domain contains six domain controllers named DC1, DC2, DC3, DC4, DC5, and DC6. Each domain controller has the DNS Server server role installed and hosts an Active Directory-integrated zone for contoso.com. You plan to create a new Active Directory-integrated zone named litwareinc.com that will be used for testing. You need to ensure that the new zone will be available only on DC5 and DC6.What should you do first?

Answer: AExplanation:A partition is a data structure in AD DS that distinguishes data for different replication purposes. When you create an application directory partition for DNS, you can control the scope of replication for the zone that is stored in that partitionhttp://technet.microsoft.com/en-us/library/cc754292.aspx

QUESTION 8Your network contains a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has a zone named contoso.com. The network contains a server named Server2 that runs Windows Server 2008 R2. Server1 and Server2 are members of an Active Directory domain named contoso.com. You change the IP address of Server2. Several hours later, some users report that they cannot connect to Server2.On the affected users’ client computers, you flush the DNS client resolver cache, and the users successfully connect to Server2. You need to reduce the amount of time that the client computers cache DNS records from contoso.com. Which value should you modify in the Start of Authority (SOA) record? To answer, select the appropriate setting in the answer area.

Answer:

Explanation:The Default TTL, is just that a default for newly created records. Once the records are created their TTL is independent of the Default TTL on the SOA. Microsoft DNS implementation copies the Default TTL setting to all newly created records their by giving them all independent TTL settings.SOA Minimum Field: The SOA minimum field has been overloaded in the past to have three different meanings, the minimum TTL value of all RRs in a zone, the default TTL of RRs which did not contain a TTL value and the TTL of negative responses.Despite being the original defined meaning, the first of these, the minimum TTL value of all RRs in a zone, has never in practice been used and is hereby deprecated. The second, the default TTL of RRs which contain no explicit TTL in the master zone file, is relevant only at the primary server. After a zone transfer all RRs have explicit TTLs and it is impossible to determine whether the TTL for a record was explicitly set or derived from the default after a zone transfer. Where a server does not require RRs to include the TTL value explicitly, it should provide a mechanism, not being the value of the MINIMUM field of the SOA record, from which the missing TTL values are obtained. How this is done is implementation dependent.TTLs also occur in the Domain Name System (DNS), where they are set by an authoritative name server for a particular resource record. When a caching (recursive) nameserver queries the authoritative nameserver for a resource record, it will cache that record for the time (in seconds) specified by the TTL. If a stub resolver queries the caching nameserver for the same record before the TTL has expired, the caching server will simply reply with the already cached resource record rather than retrieve it from the authoritative nameserver again.

Shorter TTLs can cause heavier loads on an authoritative nameserver, but can be useful when changing the address of critical services like Web servers or MX records, and therefore are often lowered by the DNS administrator prior to a service being moved, in order to minimize disruptions.

QUESTION 9Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. You enable and configure Routing and Remote Access (RRAS) on Server1. You create a user account named User1. You need to ensure that User1 can establish VPN connections to Server1.What should you do?

A. Create a network policy.B. Modify the members of the Remote Management Users group.C. Create a connection request policy.D. Add a RADIUS client.

QUESTION 10Drag and Drop QuestionYou have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.All of the VPN servers on your network use Server1 for RADIUS authentication.You create a security group named Group1.You need to configure Network Policy and Access Services (NPAS) to meet the following requirements:

– Ensure that only the members of Group1 can establish a VPN connection to the VPN servers.– Allow only the members of Group1 to establish a VPN connection to the VPN servers if the members are using client computers that run Windows 8 or later.

Which type of policy should you create for each requirement?To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

QUESTION 11Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.Server1 has the Network Policy Server server role installed.You need to allow connections that use 802.1x.What should you create?

Answer: BExplanation:802.1X – uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates, smart cards, or credentials. EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate- based security environments, and it provides the strongest authentication and key determination method.EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual authentication method that supports password-based user or computer authentication.PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP authentication protocols.Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used for RADIUS accounting.With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on factors such as the following:The time of day and day of the weekThe realm name in the connection requestThe type of connection being requestedThe IP address of the RADIUS client

QUESTION 12You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed. On Server1, you create a network policy named PPTP_Policy. You need to configure PPTP_Policy to apply only to VPN connections that use the PPTP protocol.What should you configure in PPTP_Policy?

A. The Service TypeB. The Tunnel TypeC. The Framed ProtocolD. The NAS Port Type

Answer: BExplanation:A. Restricts the policy to only clients specifying a certain type of service, such as Telnet or Point to Point Protocol connections.B. Restricts the policy to only clients that create a specific type of tunnel, such as PPTP or L2TP.C. Restricts the policy to clients that specify a certain framing protocol for incoming packets, such as PPP or SLIP.D. Allows you to specify the type of media used by the client computer to connect to the network. http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx

QUESTION 13Your network contains a RADIUS server named Server1. You install a new server named Server2 that runs Windows Server 2012 R2 and has Network Policy Server (NPS) installed. You need to ensure that all accounting requests for Server2 are forwarded to Server1. On Server2, you configure a Connection Request Policy.What else should you configure on Server2? To answer, select the appropriate node in the answer area.

Answer:

Explanation:When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain. To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests. http://technet.microsoft.com/en-us/library/cc754518.aspx

QUESTION 14Your network contains two Active Directory forests named contoso.com and adatum.com. The contoso.com forest contains a server named server1.contoso.com. The adatum.com forest contains a server named server2.adatum.com. Both servers have the Network Policy Server role service installed. The network contains a server named Server3. Server3 is located in the perimeter network and has the Network Policy Server role service installed. You plan to configure Server3 as an authentication provider for several VPN servers. You need to ensure that RADIUS requests received by Server3 for a specific VPN server are always forwarded to server1.contoso.com.Which two should you configure on Server3? (Each correct answer presents part of the solution. Choose two.)

Answer: BEExplanation:When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain.To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests. http://technet.microsoft.com/en-us/library/cc754518.aspx

QUESTION 15Hotspot QuestionYou have a server named Server1 that runs Windows Server 2012 R2.You configure Network Access Protection (NAP) on Server1.Your company implements a new security policy stating that all client computers must have the latest updates installed. The company informs all employees that they have two weeks to update their computer accordingly.You need to ensure that if the client computers have automatic updating disabled, they are provided with full access to the network until a specific date and time.Which two nodes should you configure?To answer, select the appropriate two nodes in the answer area.

Answer:

Explanation:

QUESTION 16Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. All of the DNS servers in both of the domains run Windows Server 2012 R2. The network contains two servers named Server1 and Server2. Server1 hosts an Active Directory-integrated zone for contoso.com. Server2 hosts an Active Directory-integrated zone for fabrikam.com. Server1 and Server2 connect to each other by using a WAN link. Client computers that connect to Server1 for name resolution cannot resolve names in fabrikam.com. You need to configure Server1 to support the resolution of names in fabrikam.com. The solution must ensure that users in contoso.com can resolve names in fabrikam.com if the WAN link fails.What should you do on Server1?

QUESTION 17Hotspot QuestionYour network contains an Active Director domain named contoso.com. The domain contains a file server named Server1. All servers run Windows Server 2012 R2.You have two user accounts named User1 and User2. User1 and User2 are the members of a group named Group1. User1 has the Department value set to Accounting, user2 has the Department value set to Marketing. Both users have the Employee Type value set to Contract Employee.You create the auditing entry as shown in the exhibit. (Click the Exhibit button.)

To answer, complete each statement according to the information presented in the exhibit.Each correct selection is worth one point.

Answer:

Explanation:The Auditing Entry events for file access logs that match the misconfigured permissions and carried out by a principal that satisfies both conditions for Sarah is the attribute Department with the value marketing festgelgt.

The condition for the attribute department may have to be changed accordingly, so that their deletions are logged. In order to monitor the opening of files, read access must be involved in the monitoring.

QUESTION 18Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the DNS Server server role installed. Server1 hosts a primary zone for contoso.com. Server2 hosts a secondary zone for contoso.com. The zone is not configure to notify secondary servers of changes automatically. You update several records on Server1. You need to force the replication of the contoso.com zone records from Server1 to Server2.What should you do from Server2?

QUESTION 19Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2.The network contains several group Managed Service Accounts that are used by four member servers.You need to ensure that if a group Managed Service Account resets a password of a domain user account, an audit entry is created.You create a Group Policy object (GPO) named GPO1.What should you do next?

Answer: AExplanation:Audit User Account ManagementThis security policy setting determines whether the operating system generates audit events when the following user account management tasks are performed:– A user account is created, changed, deleted, renamed, disabled, enabled, locked out, or unlocked.– A user account password is set or changed.– Security identifier (SID) history is added to a user account.– The Directory Services Restore Mode password is set.– Permissions on accounts that are members of administrators groups are changed.– Credential Manager credentials are backed up or restored.This policy setting is essential for tracking events that involve provisioning and managinguser accounts.

QUESTION 20You have a DNS server named Server1 that has a Server Core Installation on Windows Server 2012 R2. You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the DNS Server service on Server1.What should you run?